SFP Secondary Cluster: Unexpected Entry Points
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Unexpected Entry Points cluster.
The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
The program declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified.
The software contains a clone() method that does not call super.clone() to obtain the new object.
The software declares a critical variable, field, or member to be public when intended security policy requires it to be private.
The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.
The program violates secure coding principles for mobile code by declaring a finalize() method public.
The software contains a finalize() method that does not call super.finalize().
Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know a...
A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in a...
An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.
An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).